Replaces yaml.load() with yaml.safe_load()

yaml.load() can construct arbitrary Python objects, which is dangerous if
you receive a YAML document from an untrusted source
such as the Internet. The function yaml.safe_load()
limits this ability to simple Python objects like
integers or lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I1f809b4a68e9ec7b7a04cde2b77767cec7434965
This commit is contained in:
gecong1973 2017-02-04 11:14:08 +08:00
parent c54367035d
commit b66cfc576c


@ -27,7 +27,7 @@ patch_system = mock.patch('storops.UnitySystem')
def load_yaml(file_name): def load_yaml(file_name):
yaml_file = '{}/{}'.format(path.dirname(path.abspath(__file__)), file_name) yaml_file = '{}/{}'.format(path.dirname(path.abspath(__file__)), file_name)
with open(yaml_file) as f: with open(yaml_file) as f:
res = yaml.load(f) res = yaml.safe_load(f)
LOG.debug('Loaded yaml mock objects from %s.', yaml_file) LOG.debug('Loaded yaml mock objects from %s.', yaml_file)
return res return res
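Review bot: `yaml.safe_load` rejects any fixture that relies on Python-specific tags such as `!!python/object`, raising `yaml.constructor.ConstructorError` instead of returning the mock data, so the switch on the `res = yaml.safe_load(f)` line is only a no-op for the test suite if every YAML file that `load_yaml` is called with uses plain YAML types; the commit message does not say that the fixture files were checked, and a sentence confirming it would save the next reader a grep. The security benefit here is hygiene rather than a fixed exposure, since the file is read from a path built beside the test module rather than from external input, though it does satisfy the bandit B506 check the referenced guideline is aimed at. The function also has no docstring; I would add `"""Load a YAML fixture that sits next to this test module, using yaml.safe_load so only plain YAML types are constructed."""` under the `def` line. `load_yaml` appears to be wholly contained in this hunk, from its `def` line to `return res`.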